From sloach@sandvine.com  Mon Oct 13 20:11:51 2003
Return-Path: <sloach@sandvine.com>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E7DB016A4B3
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 13 Oct 2003 20:11:51 -0700 (PDT)
Received: from mail.sandvine.com (sandvine.com [199.243.201.138])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1AB2E43F3F
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 13 Oct 2003 20:11:51 -0700 (PDT)
	(envelope-from sloach@sandvine.com)
Received: from bsd-make.sandvine.com ([192.168.1.38]) by mail.sandvine.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
	id 4CQ6NA4V; Mon, 13 Oct 2003 23:11:49 -0400
Received: by bsd-make.sandvine.com (Postfix, from userid 11195)
	id AD1F7411; Mon, 13 Oct 2003 23:11:49 -0400 (EDT)
Message-Id: <20031014031149.AD1F7411@bsd-make.sandvine.com>
Date: Mon, 13 Oct 2003 23:11:49 -0400 (EDT)
From: Scot Loach <sloach@sandvine.com>
Reply-To: Scot Loach <sloach@sandvine.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [patch] Missing splx in ether_output_frame (-stable)
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         57985
>Category:       kern
>Synopsis:       [net] [patch] Missing splx in ether_output_frame (-stable)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    rwatson
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Oct 13 20:20:20 PDT 2003
>Closed-Date:    Sun Nov 27 18:37:56 GMT 2005
>Last-Modified:  Sun Nov 27 18:37:56 GMT 2005
>Originator:     Scot Loach
>Release:        FreeBSD 4.8-RELEASE-p3 i386
>Organization:
Sandvine Incorporated
>Environment:

>Description:
	In /sys/net/if_ethersubr.c, in ether_output_frame, there is a return
	for an error case that fails to call splx to release the splimp
	taken above. (see the included patch)

>How-To-Repeat:
	
>Fix:

Index: if_ethersubr.c
===================================================================
RCS file: /cvs/src/sys/net/if_ethersubr.c,v
retrieving revision 1.70.2.30.1000.3
diff -U10 -r1.70.2.30.1000.3 if_ethersubr.c
--- if_ethersubr.c      21 Jun 2003 20:47:55 -0000      1.70.2.30.1000.3
+++ if_ethersubr.c      14 Oct 2003 02:13:58 -0000
@@ -410,20 +410,21 @@
 no_bridge:
        s = splimp();
        if (IPFW_LOADED && ether_ipfw != 0) {
                struct ether_header save_eh, *eh;

                eh = mtod(m, struct ether_header *);
                save_eh = *eh;
                m_adj(m, ETHER_HDR_LEN);
                if (ether_ipfw_chk(&m, ifp, &rule, eh, 0) == 0) {
                        if (m) {
+                               splx(s);
                                m_freem(m);
                                return ENOBUFS; /* pkt dropped */
                        } else  
                                return 0;       /* consumed e.g. in a pipe */
                }
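Review bot: The added `splx(s)` sits only inside the `if (m)` branch, so the `else return 0; /* consumed e.g. in a pipe */` path two lines below still returns without restoring the level raised by `s = splimp();`. Moving the call up to directly after `if (ether_ipfw_chk(&m, ifp, &rule, eh, 0) == 0) {` would cover both returns with one line.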

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-net 
Responsible-Changed-By: arved 
Responsible-Changed-When: Fri Aug 27 17:11:23 GMT 2004 
Responsible-Changed-Why:  
Over to freebsd-net for review.  

http://www.freebsd.org/cgi/query-pr.cgi?pr=57985 
Responsible-Changed-From-To: freebsd-net->rwatson 
Responsible-Changed-By: rwatson 
Responsible-Changed-When: Mon Jan 3 12:25:48 GMT 2005 
Responsible-Changed-Why:  
Grab ownership of this PR. 



From: Robert Watson <rwatson@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: kern/57985: [patch] Missing splx in ether_output_frame (-stable)
Date: Mon, 3 Jan 2005 12:28:31 +0000 (GMT)

 On Mon, 3 Jan 2005, Robert Watson wrote:
 
 > Synopsis: [patch] Missing splx in ether_output_frame (-stable)
 
 Sorry about the long time it's taken for someone to pick up this PR!
 
 Your description of the problem sounds convincing, but the patch omits to
 call splx(s) in a couple of additional cases.  Could you try the attached
 patch?
 
 Thanks!
 
 cvs diff: Diffing .
 Index: if_ethersubr.c
 ===================================================================
 RCS file: /home/ncvs/src/sys/net/if_ethersubr.c,v
 retrieving revision 1.70.2.36
 diff -u -r1.70.2.36 if_ethersubr.c
 --- if_ethersubr.c	3 Mar 2004 12:35:16 -0000	1.70.2.36
 +++ if_ethersubr.c	3 Jan 2005 12:28:18 -0000
 @@ -414,6 +414,7 @@
  		save_eh = *eh;
  		m_adj(m, ETHER_HDR_LEN);
  		if (ether_ipfw_chk(&m, ifp, &rule, eh, 0) == 0) {
 +			splx(s);
  			if (m) {
  				m_freem(m);
  				return EACCES;	/* pkt dropped */
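Review bot: Nothing at the new `splx(s)` above `if (m)` records that it is there to cover every exit from the `ether_ipfw_chk(...) == 0` block, and the hunk's context stops at `return EACCES;`, so the other exit is not visible here. A one-line comment on the call, for example `/* restore spl before either return below */`, would keep a later edit from moving it back under `if (m)`.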
 @@ -427,8 +428,10 @@
  			m->m_pkthdr.len += ETHER_HDR_LEN ;
  		} else {
  			M_PREPEND(m, ETHER_HDR_LEN, M_DONTWAIT);
 -			if (m == NULL) /* nope... */
 +			if (m == NULL) { /* nope... */
 +				splx(s);
  				return ENOBUFS;
 +			}
  			bcopy(&save_eh, mtod(m, struct ether_header *),
  			    ETHER_HDR_LEN);
  		}
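Review bot: The `m == NULL` return after `M_PREPEND` is now a second place in this patch where `splx(s)` is repeated by hand ahead of an early return, and a missed instance of exactly that is what this PR reports. Consider routing these failure paths through a single exit label that calls `splx(s)` and returns a local error value, so that a future early return cannot skip the restore.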
 
 
State-Changed-From-To: open->closed 
State-Changed-By: rwatson 
State-Changed-When: Sun Nov 27 18:29:04 GMT 2005 
State-Changed-Why:  
Committed as if_ethersubr.c:1.70.2.37; no feedback from submitter but 
believed to fix the reported problem. 


>Unformatted:
